| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250809032020.51380-1-fangyu.yu@linux.alibaba.com>
Date: Sat, 9 Aug 2025 11:20:20 +0800
From: fangyu.yu@...ux.alibaba.com
To: rkrcmar@...tanamicro.com
Cc: alex@...ti.fr,
anup@...infault.org,
aou@...s.berkeley.edu,
atish.patra@...ux.dev,
fangyu.yu@...ux.alibaba.com,
guoren@...ux.alibaba.com,
kvm-riscv@...ts.infradead.org,
kvm@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-riscv-bounces@...ts.infradead.org,
linux-riscv@...ts.infradead.org,
palmer@...belt.com,
paul.walmsley@...ive.com
Subject: Re: [PATCH] RISC-V: KVM: Using user-mode pte within kvm_riscv_gstage_ioremap
>> From: Fangyu Yu <fangyu.yu@...ux.alibaba.com>
>>
>> Currently we use kvm_riscv_gstage_ioremap to map IMSIC gpa to the spa of
> ^^^
> hpa?
>
Yes, I think they mean the same thing, RISC-V IOMMU Spec defines spa
(Supervisor Physical Address).
>> guest interrupt file within IMSIC.
>>
>> The PAGE_KERNEL_IO property does not include user mode settings, so when
>> accessing the IMSIC address in the virtual machine, a guest page fault
>> will occur, this is not expected.
>
>PAGE_KERNEL_IO also set the reserved G bit, so you're fixing two issues
>with a single change. :)
>
Right, The G bit in all G-stage PTEs is reserved for future standard use.
>> According to the RISC-V Privileged Architecture Spec, for G-stage address
>> translation, all memory accesses are considered to be user-level accesses
>> as though executed in Umode.
>
>What implementation are you using? I would have assume that the
>original code was tested on QEMU, so we might have a bug there.
>
This issue can be reproduced using QEMU.
Since kvm has registered the MMIO Bus for IMSIC gpa, when a guest
page fault occurs, it will call the imsic_mmio_write function,the
guest irq will be written to the guest interrupt file by kvm.
>> Signed-off-by: Fangyu Yu <fangyu.yu@...ux.alibaba.com>
>> ---
>> diff --git a/arch/riscv/kvm/mmu.c b/arch/riscv/kvm/mmu.c
>> @@ -359,8 +360,11 @@ int kvm_riscv_gstage_ioremap(struct kvm *kvm, gpa_t gpa,
>> end = (gpa + size + PAGE_SIZE - 1) & PAGE_MASK;
>> pfn = __phys_to_pfn(hpa);
>>
>> + prot = pgprot_noncached(PAGE_WRITE);
>> +
>> for (addr = gpa; addr < end; addr += PAGE_SIZE) {
>> - pte = pfn_pte(pfn, PAGE_KERNEL_IO);
>> + pte = pfn_pte(pfn, prot);
>> + pte = pte_mkdirty(pte);
>
>Is it necessary to dirty the pte?
>
>It was dirtied before, so it definitely doesn't hurt,
>
Make pte dirty is necessary(for hardware without Svadu), and here is
the first time to make this pte dirty.
>Reviewed-by: Radim Krčmář <rkrcmar@...tanamicro.com>
>
>Thanks.
Thanks,
fangyu
Powered by blists - more mailing lists